Data Protection Policy

Last updated: March 2024

Introduction

PostCare+ is committed to protecting the personal and health data of our users. This Data Protection Policy outlines our practices for collecting, processing, and securing sensitive information in compliance with international data protection standards and Rwandan law.

Data Protection Principles

We adhere to the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Health Data Protection

For health-related data, we implement additional safeguards:

  • End-to-end encryption of medical records
  • Strict access controls for healthcare providers
  • Regular security audits
  • Compliance with healthcare data regulations
  • Secure data transmission protocols

Data Processing Procedures

Collection

We collect personal and health data through:

  • Direct user input
  • Healthcare provider submissions
  • Automated monitoring systems
  • Third-party integrations (with consent)

Storage

Data storage practices include:

  • Secure cloud infrastructure
  • Regular backups
  • Data encryption at rest
  • Geographic data residency compliance

Data Access and Control

We implement strict access controls:

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Audit logging
  • Regular access reviews

Data Retention

Our retention policies specify:

  • Retention periods for different data types
  • Secure data disposal procedures
  • Archive policies
  • Legal hold procedures

International Data Transfers

When transferring data internationally, we ensure:

  • Compliance with cross-border data transfer regulations
  • Appropriate safeguards and security measures
  • Data processing agreements with third parties
  • Transparency about data locations

Data Breach Response

Our breach response plan includes:

  • Incident detection and reporting procedures
  • Notification protocols
  • Investigation procedures
  • Mitigation strategies
  • Post-incident review

User Rights

Users have the right to:

  • Access their personal data
  • Request data correction
  • Request data deletion
  • Object to data processing
  • Data portability
  • Withdraw consent

Compliance and Certification

We maintain compliance with:

  • Rwanda Data Protection Laws
  • International healthcare data standards
  • Industry security certifications
  • Regular compliance audits

Updates to This Policy

We regularly review and update this policy to reflect changes in our practices and regulatory requirements. Users will be notified of significant changes.

Contact Information

For questions about our data protection practices, please contact our Data Protection Officer:

  • Email: dpo@postcare.com
  • Address: University of Rwanda, Huye Campus, Huye District, Rwanda
  • Phone: +250 (123) 456-789